[Omnibox] Add multi-state DNS interception policy - policy piece.
Functionality will follow in crrev 2380212.
For enterprise users:
Enterprises may enable the feature, or enable did-you-mean without
checks, as they know their machines' path to DNS servers.
For non-enterprise users:
Adds a feature to roll out a new default-off behavior.
A heurisitic-based approach for non-enterprise users will follow, though
likely in a future milestone.
Bug: 1090985, 1090985
Change-Id: Icc7dff576cc503d6ffab23be38c1faea8cf22993
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2443689
Reviewed-by: Owen Min <zmin@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Tommy Li <tommycli@chromium.org>
Commit-Queue: Travis Skare <skare@chromium.org>
Cr-Commit-Position: refs/heads/master@{#815837}
diff --git a/chrome/browser/intranet_redirect_detector.cc b/chrome/browser/intranet_redirect_detector.cc
index c21bfecf..56eb9cf 100644
--- a/chrome/browser/intranet_redirect_detector.cc
+++ b/chrome/browser/intranet_redirect_detector.cc
@@ -73,6 +73,7 @@
registry->RegisterStringPref(prefs::kLastKnownIntranetRedirectOrigin,
std::string());
registry->RegisterBooleanPref(prefs::kDNSInterceptionChecksEnabled, true);
+ registry->RegisterIntegerPref(prefs::kIntranetRedirectBehavior, 0);
}
void IntranetRedirectDetector::Restart() {
diff --git a/chrome/browser/policy/configuration_policy_handler_list_factory.cc b/chrome/browser/policy/configuration_policy_handler_list_factory.cc
index bb231bf..2d29e91 100644
--- a/chrome/browser/policy/configuration_policy_handler_list_factory.cc
+++ b/chrome/browser/policy/configuration_policy_handler_list_factory.cc
@@ -619,6 +619,9 @@
{ key::kDNSInterceptionChecksEnabled,
prefs::kDNSInterceptionChecksEnabled,
base::Value::Type::BOOLEAN },
+ { key::kIntranetRedirectBehavior,
+ prefs::kIntranetRedirectBehavior,
+ base::Value::Type::INTEGER },
{ key::kAdvancedProtectionAllowed,
prefs::kAdvancedProtectionAllowed,
base::Value::Type::BOOLEAN },
diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc
index d135b4e..988a4fa 100644
--- a/chrome/common/pref_names.cc
+++ b/chrome/common/pref_names.cc
@@ -1760,9 +1760,19 @@
// Boolean specifying that the intranet redirect detector should be enabled.
// Defaults to true.
+// Will be replaced by DNSInterceptionChecksBehavior, below; see notes for that
+// function.
const char kDNSInterceptionChecksEnabled[] =
"browser.dns_interception_checks_enabled";
+// Enum specifying the active behavior for the intranet redirect detector.
+// This will replace kDNSInterceptionChecksEnabled over time, though
+// currently both policies are in use. When the Enabled policy is set to false,
+// it effectively short-circuits the behavior, and it cannot be enabled by this
+// Behavior policy. Alternatively the policies can be considered to AND
+// together. Values are defined in IntranetRedirectDetector::RedirectorBehavior.
+const char kIntranetRedirectBehavior[] = "browser.intranet_redirect_behavior";
+
// An enum value of how the browser was shut down (see browser_shutdown.h).
const char kShutdownType[] = "shutdown.type";
// Number of processes that were open when the user shut down.
diff --git a/chrome/common/pref_names.h b/chrome/common/pref_names.h
index e90bcb6..13f9d47 100644
--- a/chrome/common/pref_names.h
+++ b/chrome/common/pref_names.h
@@ -583,6 +583,7 @@
extern const char kLastKnownIntranetRedirectOrigin[];
extern const char kDNSInterceptionChecksEnabled[];
+extern const char kIntranetRedirectBehavior[];
extern const char kShutdownType[];
extern const char kShutdownNumProcesses[];
diff --git a/chrome/test/data/policy/policy_test_cases.json b/chrome/test/data/policy/policy_test_cases.json
index 0b8d384..7815892 100644
--- a/chrome/test/data/policy/policy_test_cases.json
+++ b/chrome/test/data/policy/policy_test_cases.json
@@ -3862,6 +3862,22 @@
]
},
+ "IntranetRedirectBehavior": {
+ "os": ["chromeos", "linux", "mac", "win"],
+ "test_policy": { "IntranetRedirectBehavior": 0 },
+ "policy_pref_mapping_test": [
+ {
+ "policies": { "IntranetRedirectBehavior": 0 },
+ "prefs": {
+ "browser.intranet_redirect_behavior": {
+ "local_state": true,
+ "value": 0
+ }
+ }
+ }
+ ]
+ },
+
"----- Chrome OS policies ------------------------------------------------": {},
"ChromeOsLockOnIdleSuspend": {
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index 89b7a61..1be8dbe 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -1552,7 +1552,7 @@
},
{
'name': 'DNSInterceptionChecksEnabled',
- 'owners': ['krb', 'jdonnelly'],
+ 'owners': ['krb@chromium.org', 'jdonnelly@chromium.org'],
'type': 'main',
'schema': { 'type': 'boolean' },
'supported_on': ['chrome.*:80-', 'chrome_os:80-'],
@@ -1571,6 +1571,52 @@
When this policy is not set, or is enabled, the DNS interception checks are performed. When explicitly disabled, they're not.'''
},
{
+ 'name': 'IntranetRedirectBehavior',
+ 'owners': ['jdonnelly@chromium.org', 'tommycli@chromium.org'],
+ 'type': 'int-enum',
+ 'schema': {
+ 'type': 'integer',
+ 'enum': [ 0, 1, 2, 3 ],
+ },
+ 'items': [
+ {
+ 'name': 'Default',
+ 'value': 0,
+ 'caption': '''Use default browser behavior.''',
+ },
+ {
+ 'name': 'DisableInterceptionChecksDisableInfobar',
+ 'value': 1,
+ 'caption': '''Disable DNS interception checks and did-you-mean "http://intranetsite/" infobars.''',
+ },
+ {
+ 'name': 'DisableInterceptionChecksEnableInfobar',
+ 'value': 2,
+ 'caption': '''Disable DNS interception checks; allow did-you-mean "http://intranetsite/" infobars.''',
+ },
+ {
+ 'name': 'EnableInterceptionChecksEnableInfobar',
+ 'value': 3,
+ 'caption': '''Allow DNS interception checks and did-you-mean "http://intranetsite/" infobars.''',
+ }
+ ],
+ 'future_on': ['chrome.*', 'chrome_os'],
+ 'features': {
+ 'dynamic_refresh': True,
+ 'per_profile': False,
+ },
+ 'example_value': 1,
+ 'id': 792,
+ 'caption': '''Intranet Redirection Behavior''',
+ 'tags': [],
+ 'desc': '''This policy configures behavior for intranet redirection via DNS interception checks. The checks attempt to discover whether the browser is behind a proxy that redirects unknown host names.
+
+ If this policy is not set, the browser will use the default behavior of DNS interception checks and intranet redirect suggestions. In M88, they are enabled by default but will be disabled by default in the future release.
+
+ <ph name="DNS_INTERCEPTION_CHECKS_ENABLED_POLICY_NAME">DNSInterceptionChecksEnabled</ph> is a related policy that may also disable DNS interception checks; this policy is a more flexible version which may separately control intranet redirection infobars and may be expanded in the future.
+ If either <ph name="DNS_INTERCEPTION_CHECKS_ENABLED_POLICY_NAME">DNSInterceptionChecksEnabled</ph> or this policy requests to disable interception checks, the checks will be disabled.'''
+ },
+ {
'name': 'Http09OnNonDefaultPortsEnabled',
'owners': ['file://components/policy/resources/OWNERS'],
'type': 'main',
@@ -24462,6 +24508,6 @@
'placeholders': [],
'deleted_policy_ids': [114, 115, 412, 476, 544, 546, 562, 569, 578],
'deleted_atomic_policy_group_ids': [],
- 'highest_id_currently_used': 791,
+ 'highest_id_currently_used': 792,
'highest_atomic_group_id_currently_used': 40
}
diff --git a/tools/metrics/histograms/enums.xml b/tools/metrics/histograms/enums.xml
index 461cd23..7b8d688 100644
--- a/tools/metrics/histograms/enums.xml
+++ b/tools/metrics/histograms/enums.xml
@@ -22236,6 +22236,7 @@
<int value="789" label="DeviceFamilyLinkAccountsAllowed"/>
<int value="790" label="EduCoexistenceToSVersion"/>
<int value="791" label="BrowsingDataLifetime"/>
+ <int value="792" label="IntranetRedirectBehavior"/>
</enum>
<enum name="EnterprisePolicyDeviceIdValidity">
